Shared Security Podcast

Tom Eston, Scott Wright, Kevin Tackett
Dec 20, 2021 • 33min

Log4j Vulnerability, Apple AirTags Used by Thieves, FBI’s Encrypted Messaging App Document

This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to steal cars, and an FBI training document that describes what data can be obtained from encrypted messaging apps. ** Links mentioned on the show ** Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html https://www.linkedin.com/pulse/understanding-recent-java-security-bug-thats-causing-stir-wilson/ https://bishopfox.com/blog/log4j-zero-day-cve-2021-44228 https://thehackernews.com/2021/12/hackers-begin-exploiting-second-log4j.html Apple AirTags Are Being Used by Car Thieves to Track High-End Vehicles https://www.newsweek.com/apple-airtags-are-being-used-car-thieves-track-high-end-vehicles-1656848 FBI document shows what data can be obtained from encrypted messaging apps https://therecord.media/fbi-document-shows-what-data-can-be-obtained-from-encrypted-messaging-apps/ Shared Security Show Interview: End-to-End Encryption with Max Krohn from Keybase.io https://sharedsecurity.net/2019/09/16/end-to-end-encryption-with-max-krohn-from-keybase-io/ ** Watch this episode on YouTube ** https://youtu.be/J9xOUkDf9-A ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.
Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity Shared Security Merch: https://store.sharedsecurity.net The post Log4j Vulnerability, Apple AirTags Used by Thieves, FBI’s Encrypted Messaging App Document appeared first on Shared Security Podcast.
Dec 13, 2021 • 30min

Life360 Selling Location Data, NSO Group Spyware Hacks Government Employees, Homecoming Queen Contest Hacked

Life360, a popular family safety app used by 33 million people worldwide, is selling location data to a dozen data brokers, phones of 11 U.S. State Department employees were hacked with spyware from the infamous NSO Group, and details on a bizarre story about a mother and daughter that face 16 years in prison for hacking into a school computer system to rig a homecoming queen election. ** Links mentioned on the show ** Life360 selling location data https://themarkup.org/privacy/2021/12/06/the-popular-family-safety-app-life360-is-selling-precise-location-data-on-its-tens-of-millions-of-user AP Source: NSO Group spyware used to hack State employees https://apnews.com/article/technology-business-middle-east-israel-hacking-290f990cc1b6aa8fd870ecd540e12664 Florida teen and her mother accused of hacking homecoming queen election refuse plea deal, claiming they have been framed https://www.databreaches.net/florida-teen-and-her-mother-accused-of-hacking-homecoming-queen-election-refuse-plea-deal-claiming-they-have-been-framed/ https://www.thedailybeast.com/florida-teen-emily-grover-was-accused-of-hacking-a-homecoming-queen-contest-and-faces-16-years-in-prison ** Watch this episode on YouTube ** https://youtu.be/xq_cb-7EXXU ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Dec 9, 2021 • 25min

Business Email Compromise Scams

This month we discuss Business Email Compromise (BEC) scams. What are they, how to identify them, and why BEC scams have created over $1.8 billion worth of losses to businesses last year alone. ** Links mentioned on the show ** What is Business Email Compromise? https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise 64 times worse than ransomware? FBI statistics underline the horrific cost of business email compromise https://www.tripwire.com/state-of-security/featured/fbi-statistics-underline-orrific-cost-of-business-email-compromise/ ** Watch this episode on YouTube ** https://youtu.be/Sc4tFdfYEqg ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity Shared Security Merch: https://store.sharedsecurity.net The post Business Email Compromise Scams appeared first on Shared Security Podcast.
Dec 6, 2021 • 24min

Is TikTok Listening to You, Apple Warns Activists, UK Government Website Shows Porn

Is the TikTok app listening to you and playing videos based on your conversations? Apple takes the unique step of warning certain activists that their phones may be targeted by attackers, and details on how a UK government website was serving porn to its visitors. ** Links mentioned on the show ** Is TikTok listening to me? https://www.reddit.com/r/privacy/comments/r38jrn/tik_tok_listening_to_me/ https://tosdr.org/en/service/1448 https://www.tiktok.com/legal/privacy-policy-eea?lang=en Terms of Service Didn’t Read https://tosdr.org/en/frontpage Apple Warns Activists They Are Being Watched by Spyware https://www.vice.com/en/article/4awvk3/apple-activists-pegasus-spyware UK government transport website caught showing porn https://www.bleepingcomputer.com/news/security/uk-government-transport-website-caught-showing-porn/ ** Watch this episode on YouTube ** https://youtu.be/9Z63tFnkeMk ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Nov 29, 2021 • 29min

How to Break Into a Cybersecurity Career – Part 3 with Scott Wright

Co-host Scott Wright joins Tom Eston for part three in our series on how to break into a cybersecurity career. Scott shares his career journey and gives us some insight into his career path going from consulting into starting his own company. If you’re a college student or thinking about getting into cybersecurity, this is one episode you don’t want to miss! ** Links mentioned on the show ** Connect with Scott Wright https://www.linkedin.com/in/scottwright/ https://twitter.com/streetsec So, you want to work in security? https://medium.freecodecamp.org/so-you-want-to-work-in-security-bc6c10157d23 Entering the InfoSec Biz https://defensivesecurity.org/entering-information-security-industry/ How to Build a Cybersecurity Career https://danielmiessler.com/blog/build-successful-infosec-career/ Start in Infosec (Really great list of career/just starting out advice) https://malicious.link/start/ ** Watch this episode on YouTube ** https://youtu.be/n1ZlByXUNaI ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Nov 22, 2021 • 25min

FBI Email System Compromised, Ransomware Negotiation, Privacy Crushing Gifts

In milestone episode 200: The Federal Bureau of Investigation’s external email system was compromised sending spam emails with a fake warning of a cyber-attack, new research released about ransomware negotiation and some helpful negotiation tips, and details on Mozilla’s naughty list of privacy-crushing gifts. ** Links mentioned on the show ** FBI email system compromised by hackers who sent fake cyberattack alert https://www.msn.com/en-us/news/us/fbi-email-system-compromised-by-hackers-who-sent-fake-cyberattack-alert/ar-AAQGp3Z How to Negotiate With Ransomware Attackers https://www.darkreading.com/attacks-breaches/how-to-negotiate-with-ransomware-attackers Bad Santa: Amazon, Facebook top Mozilla’s naughty list of privacy-crushing gifts https://www.zdnet.com/article/bad-santa-amazon-facebook-top-mozillas-naughty-list-of-privacy-crushing-gifts ** Watch this episode on YouTube ** https://youtu.be/BzgqqxPqFEg ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Nov 15, 2021 • 21min

Robinhood Data Breach, 600 Hours of Dallas Police Helicopter Footage Leaked

Details on the Robinhood data breach (apparently caused by a social engineering attack) affecting approximately 7 million customers, and a discussion about surveillance and privacy concerns from a 600-hour leak of Dallas Police Department helicopter footage. ** Links mentioned on the show ** Robinhood Trading App Suffers Data Breach Exposing 7 Million Users’ Information https://thehackernews.com/2021/11/robinhood-trading-app-suffers-data.html https://blog.robinhood.com/news/2021/11/8/data-security-incident Activists leak 600 hours of mostly Dallas police helicopter footage after city’s 22 terabyte loss of criminal case data https://www.courthousenews.com/activists-leak-600-hours-of-mostly-dallas-police-helicopter-footage-after-citys-22-terabyte-loss-of-criminal-case-data/ https://ddosecrets.com/wiki/Aerial_Surveillance_Footage Shared Security Show Merch https://store.sharedsecurity.net ** Watch this episode on YouTube ** https://youtu.be/J3gHVb5qYYg ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Nov 8, 2021 • 22min

Facebook Dumps Face Recognition, Social Engineering Bots, US Sanctions NSO Group

Facebook shuts down their face recognition system and deletes more than a billion facial recognition templates, how phone bots are being used to trick victims into giving up their multi-factor authentication codes, and the US blacklists the NSO Group and 3 other companies for malicious cyber activities. ** Links mentioned on the show ** Face Recognition Is So Toxic, Facebook Is Dumping It https://www.eff.org/deeplinks/2021/11/face-recognition-so-toxic-facebook-dumping-it https://about.fb.com/news/2021/11/update-on-use-of-face-recognition/ Hackers Are Outsourcing Social Engineering to Bots https://podcasts.apple.com/us/podcast/hackers-are-outsourcing-social-engineering-to-bots/id1441708044?i=1000540546679 https://www.vice.com/en/article/y3vz5k/booming-underground-market-bots-2fa-otp-paypal-amazon-bank-apple-venmo US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware https://thehackernews.com/2021/11/us-sanctions-pegasus-maker-nso-group.html https://www.schneier.com/blog/archives/2021/11/us-blacklists-nso-group.html Webinar with Tom Eston on November 10: What Bad Could Happen? Managing Application Risk with Threat Modeling https://bishopfox.com/resources/manage-application-risk-with-threat-modeling-webcast Getting the most value from phishing assessments with the Phishing Assessment Optimizer http://clickarmor.ca/opimizer ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Nov 5, 2021 • 24min

Interview with Dana Mantilia and the Role of the CISO

Dana Mantilia joins us this month to talk about cybersecurity awareness, her incredible YouTube channel, and the ever changing role of the CISO (Chief Information Security Officer). ** Links mentioned on the show ** Connect with Dana and subscribe to her YouTube Channel https://www.linkedin.com/in/dana-mantilia/ https://www.youtube.com/c/IdentityProtectionPlanningwithDana/videos ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Interview with Dana Mantilia and the Role of the CISO appeared first on Shared Security Podcast.
Nov 1, 2021 • 28min

Federal Data Agency for Social Media, Squirrelwaffle Malspam, Ransomware Hits U.S. Candymaker

Do we really need a federal data agency to regulate social media companies? Watch out for Squirrelwaffle and Qakbot malspam attacks, and ransomware hits a major candymaker ahead of Halloween (is nothing sacred anymore?!) ** Links mentioned on the show ** Facebook and social media endanger Americans. We need a federal data agency. https://www.nbcnews.com/think/politics-policy/facebook-rcna3704 Hackers Using Squirrelwaffle Loader to Deploy Qakbot and Cobalt Strike https://thehackernews.com/2021/10/hackers-using-squirrelwaffle-loader-to.html Sticky business: Ransomware hits U.S. candymaker ahead of Halloween https://www.nbcnews.com/tech/security/ransomware-hits-us-candymaker-ahead-halloween-rcna3391 ** Watch this episode on YouTube ** https://youtu.be/IrnrRSMU4SI ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Federal Data Agency for Social Media, Squirrelwaffle Malspam, Ransomware Hits U.S. Candymaker appeared first on Shared Security Podcast.
